Starbucks and several major UK supermarkets have experienced disruption due to a ransomware attack on prominent supply chain software provider Blue Yonder. The company disclosed the incident on Thursday, November 21, and was still restoring services the following Monday.

The disruption to the Blue Yonder platform prevented Starbucks from paying its baristas and managing their schedules, according to the Wall Street Journal. As a result, cafe managers had to manually calculate their employees’ pay using their scheduled shifts, leaving a greater margin for error as actual hours worked may not line up.

SEE: Software supply chain collapses 200%

Sainsbury’s and Morrisons, two of the UK’s biggest supermarket chains, were also affected, according to the trade magazine The Grocer. Sainsbury’s said it had contingencies in place to mitigate any disruption and had restored all operations by Monday, according to TechCrunch.

Morrisons returned to a back-up system to run its warehouses but said the attack had affected the flow of goods to its stores. One of its suppliers said refrigerated orders had been canceled on Friday because of the incident, and the supermarket expected availability of some convenience and wholesale products to drop to as low as 60%.

The cyber attack targeted US-based Blue Yonder’s managed services hosted environment, but its Azure public cloud was not affected. Blue Yonder has called in outside cybersecurity firms to address the incident, but so far has been unable to establish a timeline for a fix.

Acquired by Panasonic in 2021, Blue Yonder provides an end-to-end supply chain platform for warehouse management. It can also be used for demand forecasting and automated ordering.

The company names several other high-profile ventures customersincluding UK supermarket giants Tesco and Asda, DHL, Walgreens, Philip Morris and Carlsberg. None of these companies have acknowledged being affected so far, nor is there any information on the type of data the ransomware group obtained from victims.

At the time of publication, no ransomware group has claimed responsibility for the hack. This could indicate that Blue Yonder gave in to their demands, as attackers often do not admit their involvement or leak data in that case.

SEE: Paying ransom should be your last resort, says cyber security expert

Supply chain, ransomware attacks are on the rise

In recent years, supply chain attacks have become a growing concern in the cybersecurity landscape. The attacks on SolarWinds, Log4j and Codecov are notable attacks. Supply chain attacks are particularly attractive to cybercriminals because they offer multiple rewards for a single breach.

Thirty-one percent of organizations experienced a software-as-a-service data breach in the past 12 months, an increase of 5% over the previous year, according to AppOmni. This surge can be linked to insufficient visibility of the increasing number of deployed applications. According to Onymos, the average enterprise now relies on more than 130 SaaS applications compared to just 80 in 2020.

Last year, British Airways, the BBC and Boots were all served with an ultimatum after being hit by a supply chain attack by ransomware group Clop. Clop exploited an SQL injection vulnerability in popular business software MOVEit and gained access to its servers to steal business data.

Ransomware attacks are also on the rise. Microsoft reported a 2.75-fold increase in ransomware attempts this year, while the second quarter of this year saw the highest number of active ransomware groups on record. Indeed, artificial intelligence can lower the barrier to entry to these attacks, increasing the pool of individuals who can do so.

Global ransom payments exceeded $1 billion for the first time in 2023. “Big game hunting,” where groups go after large organizations and demand ransoms of more than $1 million, is increasing in prevalence, and affected organizations are often asked to pay.